diff --git a/docs/src/content/docs/reference/faq.md b/docs/src/content/docs/reference/faq.md
index bfda7478797..7ba63675bf1 100644
--- a/docs/src/content/docs/reference/faq.md
+++ b/docs/src/content/docs/reference/faq.md
@@ -316,6 +316,12 @@ on:
 
 This approach maintains security while allowing CI to run after PR creation. See [GitHub Actions workflow_run documentation](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run) for details.
 
+## Platform Support
+
+### Why don't agentic workflows support macOS runners?
+
+Agentic workflows require Docker for the [Agent Workflow Firewall](/gh-aw/reference/sandbox/) (Squid proxy + agent containers), the MCP Gateway, and containerized MCP servers. GitHub-hosted macOS runners are themselves virtual machines (`Apple M1 (Virtual)`) that do not support nested virtualization, making it impossible to run Docker — Docker Desktop, colima, and QEMU all fail with `Virtualization is not available on this hardware`. Until GitHub offers macOS runners with Docker support or a non-Docker container runtime becomes viable, agentic workflows require Linux (`ubuntu-*`) runners.
+
 ## Workflow Design
 
 ### Should I focus on one workflow, or write many different ones?